The RISKS Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 31 Issue 21

Monday 29 April 2019

Contents

Russian hackers were in position to alter Florida voter rolls
Rubio
National Security Council cyberchief: Criminals are closing the gap with nation-state hackers
Cyberscoop
Cryptocurrencies shed $10 billion in an hour on worries over 'stablecoin' tether
CNBC
City of Chicago Almost Lost More Than $1 Million In Phishing Scam
CBS
Invisible Malware Is Here and Your Security Software Can't Catch It
PCMag
Using side-channel attacks to detect malware?
Science Daily
Man guilty for using "USB Killer" against college computers
DoJ
A 'Blockchain Bandit' Is Guessing Private Keys and Scoring Millions
WiReD
Japan Has a New Emperor. Now It Needs a Software Update.
NYTimes
Japan develops app that yells 'stop' to scare off molesters
The Straits Times
NSA wants to stop drinking from the fire hose
Naked Security
Don't get phished
The Straits Times
"Why I've learned to hate my Apple Watch"
Evan Schuman
Virtual dress-up website settles with the FTC following data breach
The Verge
Docker Hub Breached, Impacting 190,000 Accounts
E-Week
Apple Cracks Down on Apps That Fight iPhone Addiction
NYTimes
Marathon training risk over fitness trackers that 'can't be trusted' to measure distance
Telegraph.co.uk
In Australia, hacked Lime scooters spew racism and profanity
WashPost
The invisibility pic ...
Rob Slade
Travis in IEEE Spectrum on Boeing 737 MAX MCAS software
Peter B Ladkin
Re: How the Boeing 737 Max Disaster Looks to a Software Developer
Dan Jacobson
Thomas Koenig
Re: Is curing patients, a sustainable business model?
Martin Ward
Martin Ward
Re: Should AI be used to catch shoplifters?
Antonomasia
Re: How *not* to kill a news cycle ...
Dan Pritts
Re: Battle for .amazon Domain Pits Retailer Against South American
Dan Jacobson
Re: A video showed a parked Tesla Model S exploding in Shanghai
????
Re: Huawei's code is a steaming pile...
Richard Stein
Martin Ward
Re: EU Tells Internet Archive That Much Of Its Site Is 'Terrorist Content'
TechDirt
Re: An Interesting Juxtaposition
Wol
Info on RISKS (comp.risks)

Russian hackers were in position to alter Florida voter rolls (Rubio)

"Peter G. Neumann" <neumann@csl.sri.com>
Sun, 28 Apr 2019 11:43:35 PDT
https://www.nytimes.com/2019/04/26/us/florida-russia-hacking-election.html


National Security Council cyberchief: Criminals are closing the gap with nation-state hackers (Cyberscoop)

the keyboard of geoff goodfellow <geoff@iconia.com>
Fri, 26 Apr 2019 14:53:27 -1000
EXCERPT:

Cybercriminals are catching up to nation-states' hacking capabilities, and
it's making attribution more difficult, the National Security Council's
senior director for cybersecurity policy said Thursday.

"They're not five years behind nation-states anymore, because the tools
have become more ubiquitous," said Grant Schneider, who also holds the
title of federal CISO, at the Security Through Innovation Summit presented
by McAfee and produced by CyberScoop and FedScoop.

Schneider told CyberScoop that he thinks the implants cybercriminals are
using in their cyberattacks have been improving. "The actual sophistication
of the tool is better with criminals than we saw in the past."

Steve Grobman, the chief technology officer for McAfee, told CyberScoop
that advanced crooks are behaving more corporately, which means they are
able to proliferate higher-quality hacking tools.

"One of the things we're seeing on the business-model side is
cybercriminals are starting to use innovative processes like franchises --
affiliate groups where a cybercriminal will develop technology [and] make it
available to other cybercriminals," he said...

https://www.cyberscoop.com/cybercriminals-nation-state-tools-grant-schneider/


Cryptocurrencies shed $10 billion in an hour on worries over 'stablecoin' tether (CNBC)

Gabe Goldberg <gabe@gabegold.com>
Fri, 26 Apr 2019 11:11:48 -0400
https://www.cnbc.com/2019/04/26/cryptocurrency-bitcoin-price-falls-on-ny-ag-bitfinex-probe.html?__source=iosappshare%7Ccom.apple.UIKit.activity.Mail

What could go wrong?


City of Chicago Almost Lost More Than $1 Million In Phishing Scam (CBS)

José María Mateos <chema@rinzewind.org>
Fri, 26 Apr 2019 12:58:58 -0400
https://chicago.cbslocal.com/2019/04/18/chicago-department-of-aviation-phishing-scam/

The City of Chicago's Department of Aviation thought it was paying an
approved vendor more than $1 million for services earlier this year.

[...] According to a police report recently obtained by The 2 Investigators,
the Department of Aviation received an email Jan. 24 from what appeared to
be a city-approved vendor, Skyline Management.

The company has been paid more than a quarter of a billion dollars --
$284,628,921.17 -- for custodial services at Midway International Airport
and O'Hare International Airport since 2008, city documents show.

The email requested that Skyline's account payable information be changed
from US Bank to Wells Fargo Bank.

The request was referred to the city comptroller's office to make the
change, which is routine procedure, according to the report. The change was
made, and less than a month later, the city paid the updated account
$1,150,759.82 for services.

But in a call to the Department of Aviation weeks later, Skyline Management
stated they had not received a payment for their services. That's when the
discovery was made: Skyline never requested an account change.


Invisible Malware Is Here and Your Security Software Can't Catch It (PCMag)

Gabe Goldberg <gabe@gabegold.com>
Fri, 26 Apr 2019 13:44:54 -0400
Unfortunately, there's not much you can do to protect existing machines.
"You need to replace critical servers," Knight said, adding that you will
also need to determine what your critical data is and where it's running.
...  Knight added that the only way for most companies to avoid the problem
is to move their critical data and processes to the cloud, if only because
cloud service providers can better protect against this kind of hardware
attack. "It's time to transfer the risk," she said.  And Knight warned that,
at the speed things are moving, there's little time to protect your critical
data. "This is going to get turned into a worm," she predicted. "It will
become some sort of self-propagating worm." It's the future of cyberwarfare,
Knight said. It won't stay the purview of state-sponsored actors forever.

https://www.pcmag.com/article/367947/invisible-malware-is-here-and-your-security-software-cant-c
  [sic!  if that does not work, browse on the subject line.   PGN]

Of course—replace all servers AND move everything critical to cloud.
Easy solutions...


Using side-channel attacks to detect malware? (Science Daily)

Rob Slade <rmslade@shaw.ca>
Sat, 27 Apr 2019 11:59:45 -0700
If there's an anomaly in power consumption for your device or embedded
system it could be infected with malware.
https://www.sciencedaily.com/releases/2019/04/190425115621.htm

It's a variation of the long-standing change detection (or "integrity"
monitoring) type of malware detection.  I suspect it has a ways to go, but
it is an interesting idea ...


Man guilty for using "USB Killer" against college computers (DoJ)

danny burstein <dannyb@panix.com>
Fri, 26 Apr 2019 12:05:11 -0400
Akuthota admitted that on February 14, 2019, he inserted a "USB Killer"
device into 66 computers, as well as numerous computer monitors and
computer-enhanced podiums, owned by the college in Albany.  The "USB Killer"
device, when inserted into a computer's USB port, sends a command causing
the computer's on-board capacitors to rapidly charge and then discharge
repeatedly, thereby overloading and physically destroying the computer's USB
port and electrical system.  [DOJ press release]

https://www.justice.gov/usao-ndny/pr/former-student-pleads-guilty-destroying-computers-college-st-rose


A 'Blockchain Bandit' Is Guessing Private Keys and Scoring Millions (WiReD)

Bill Meacham <bmeacham98@yahoo.com>
Wed, 24 Apr 2019 14:31:39 +0000 (UTC)
Your bitcoin wallet may not be as secure as you think it is ...  A
'Blockchain Bandit' Is Guessing Private Keys and Scoring Millions
https://www.wired.com/story/blockchain-bandit-ethereum-weak-private-keys/
... researchers not only found that cryptocurrency users have in the last
few years stored their crypto treasure with hundreds of easily guessable
private keys, but also uncovered what they call a "blockchain bandit." A
single Ethereum account seems to have siphoned off a fortune of 45,000 ether
-- worth at one point more than $50 million—using ... key-guessing
tricks.

... the odds of guessing a randomly generated Ethereum private key is 1 in
115 quattuorvigintillion. (Or, as a fraction: 1/2^256.) That denominator is
very roughly around the number of atoms in the universe. ... But as he
looked at the Ethereum blockchain, Bednarek could see evidence that some
people had stored ether at vastly simpler, more easily guessable keys. The
mistake was probably the result, he says, of Ethereum wallets that cut off
keys at just a fraction of their intended length due to coding errors, or
let inexperienced users choose their own keys, or even that included
malicious code, corrupting the randomization process to make keys easy to
guess for the wallet's developer.
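
The truncation failure described in the excerpt above can be caught at key-generation time. The following is an added example, not part of the original post or the researchers' code; the function names, the 192-bit threshold and the sample inputs are assumptions made for illustration.

```python
import secrets
from collections import Counter

# Order of the secp256k1 group used by Ethereum; a valid private key is an
# integer in [1, N-1] encoded as 32 big-endian bytes.
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141

# Assumed policy threshold (not from the article). A uniformly random key has
# fewer than 192 significant bits with probability about 2**-64, so a hit
# points at a broken generator rather than bad luck.
MIN_EFFECTIVE_BITS = 192


def generate_key() -> bytes:
    """Draw a 32-byte private key from the OS CSPRNG, retrying if out of range."""
    while True:
        raw = secrets.token_bytes(32)
        if 1 <= int.from_bytes(raw, "big") < SECP256K1_N:
            return raw


def truncated_key(raw: bytes, kept: int) -> bytes:
    """Constructed model of the coding error: only the last `kept` bytes of a
    good key survive and the rest of the 32-byte field is zero."""
    return raw[-kept:].rjust(32, b"\x00")


def audit_key(raw: bytes) -> list:
    """Return the reasons a key should be rejected (empty list means accept)."""
    if len(raw) != 32:
        return ["wrong-length"]
    findings = []
    value = int.from_bytes(raw, "big")
    if not 1 <= value < SECP256K1_N:
        findings.append("out-of-range")
    if value.bit_length() < MIN_EFFECTIVE_BITS:
        findings.append("short-key")
    if len(set(raw)) <= 2:
        # e.g. all-zero, all-0xff, or a two-byte pattern typed by a user
        findings.append("repeated-bytes")
    return findings


def self_test(generator, samples: int) -> dict:
    """Run a key generator `samples` times and count findings per category.
    A healthy generator yields an empty dict."""
    counts = Counter()
    for _ in range(samples):
        counts.update(audit_key(generator()))
    return dict(counts)


if __name__ == "__main__":
    print("healthy generator:", self_test(generate_key, 1000))
    # Constructed buggy generator: keeps 4 of 32 bytes, so at most 2**32 keys.
    buggy = lambda: truncated_key(generate_key(), 4)
    print("truncating generator:", self_test(buggy, 1000))
```

Running `self_test` as a startup check in wallet software turns a silent truncation bug into an immediate failure before any funds are sent to a derived address.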


Japan Has a New Emperor. Now It Needs a Software Update. (NYTimes)

Monty Solomon <monty@roscom.com>
Wed, 24 Apr 2019 09:55:29 -0400
It isn't exactly Y2K, but the country is scrambling to reconcile its systems
with the ancient demands of an imperial calendar.

https://www.nytimes.com/2019/04/23/business/japan-reiwa-calendar.html


Japan develops app that yells 'stop' to scare off molesters (The Straits Times)

Richard Stein <rmstein@ieee.org>
Mon, 29 Apr 2019 10:08:16 +0800
https://www.straitstimes.com/asia/japan-develops-app-that-yells-stop-to-scare-off-molesters

"The Metropolitan Police Department in Tokyo has developed a free smartphone
app that can help scare off would-be molesters as well as activate a
security alarm. Dubbed the Digi Police, the app has been downloaded more
than 220,000 times so far.  A smartphone voice would shout `stop!' when a
Digi Police user activates one of the app's functions to stymie molesters."

Risks: Accidental/unintentional invocation, malicious activation to
dilute/distract police resources. No backup if you have a sore throat and a
flat battery.


NSA wants to stop drinking from the fire hose (Naked Security)

Rob Slade <rmslade@shaw.ca>
Fri, 26 Apr 2019 12:07:00 -0700
In the beginning was the 9/11.  (Well, actually, in the beginning was the
first crypto war, back in the 90s, but ...)  And the government said, let
there be the PATRIOT Act (Providing Appropriate Tools Required to Intercept
and Obstruct Terrorism).  And there was all kinds of warrantless activity.
And the government said, let there be warrantless collection of data about
international (and some local) emails and phone calls.  And there was bulk
metadata collection, and metadata became a new "thing."

And ever since, the NSA has been collecting huge amounts of data, most of
which doesn't indicate much of anything.  Remember cost/benefit analysis?
Well, now the NSA wants to stop doing it.  Or, at least, stop doing most of
it.  Because it's just not worth it.
https://nakedsecurity.sophos.com/2019/04/26/nsa-asks-to-end-mass-phone-surveillance or
https://is.gd/y8oyyj

Lots of things in security sound like maybe a good idea--until you try them.
I well remember the trouble Fred Cohen got into when he started teaching his
security students how to write viruses, as an exercise in trying to improve
security.  He doesn't do that any more.  His students just didn't learn that
much from it.  It's not worth it.

(Oh, and remember: if you're not doing anything wrong, you have nothing to
fear from the gigantic surveillance apparatus that the government is hiding
from you ...)


Don't get phished (The Straits Times)

Richard Stein <rmstein@ieee.org>
Wed, 24 Apr 2019 10:48:49 +0800
https://www.straitstimes.com/tech/dont-get-phished

Singapore's government estimates business phishing losses (via e-mail
impersonation, business email compromise) @ ~S$ 43M in 2017; that's ~US$ 32M
(@ 1.35 SGD/USD).

Using a simple population ratio (SG: 5.5M; US: 330M), equivalent US business
phishing loss estimates rise to 330M/5.5M * US$32M =~ US$ 1.9B.

A similar computation, based on GDP (SG: US$ 0.33T; US: US$ 19.5T),
estimates phishing losses US$ 19.5T/US$ 0.33T * US$ 32M = 59 * US$ 32M =~
US$ 19B. See 2017 GDP estimates:
  https://countryeconomy.com/countries/[singapore,usa]

Forbes concludes US business losses @ ~US$ 500M per year.
https://www.forbes.com/sites/leemathews/2017/05/05/phishing-scams-cost-american-businesses-half-a-billion-dollars-a-year/

The FBI investigated ~22,000 business email compromise (BEC) scams between
OCT2013-DEC2016. So, the population scaling method appears to be more
realistic than the GDP scaling approach.

Out of curiosity, I looked up the US Justice Department budget for 2017: US$
28.7B (https://www.justice.gov/jmd/file/821916/download).

With email scams exploding, and human frailties being what they are, it
appears that ~10% of the Justice Department's budget (at 2017 funding
levels) will be consumed by BEC investigations in the near future. Whew!


"Why I've learned to hate my Apple Watch" (Evan Schuman)

Gene Wirchenko <gene@shaw.ca>
Thu, 25 Apr 2019 10:29:20 -0700
The risk here is that if you brag about your marvelous UX, some mean people
may make fun of you when you fail badly.  ("Gene" rhymes with "mean" in case
you were wondering.)  This article is sadly hilarious or hilariously sad or
something.  Enjoy.

Evan Schuman, Computerworld
https://www.computerworld.com/article/3390149/why-ive-learned-to-hate-my-apple-watch.html

In a perfect world, the Apple Watch Series 4 could be great. With a few easy
settings, a glance at the watch would deliver time, temperature, the dial-in
details for your next appointment or many other things that would be
helpful. But we don't live in a perfect world.


Virtual dress-up website settles with the FTC following data breach (The Verge)

Monty Solomon <monty@roscom.com>
Mon, 29 Apr 2019 10:09:56 -0400
"I cannot open i-dressup. Its showing SQL ERROR...why?? I am scared"

https://www.theverge.com/2019/4/27/18518619/i-dress-up-virtual-website-ftc-data-breach


Docker Hub Breached, Impacting 190,000 Accounts (E-Week)

Monty Solomon <monty@roscom.com>
Mon, 29 Apr 2019 10:16:06 -0400
https://www.eweek.com/security/docker-hub-breached-impacting-190-000-accounts


Apple Cracks Down on Apps That Fight iPhone Addiction (NYTimes)

Richard Stein <rmstein@ieee.org>
Sun, 28 Apr 2019 17:09:26 +0800
https://www.nytimes.com/2019/04/27/technology/apple-screen-time-trackers.html

  Over the past year, Apple has removed or restricted at least 11 of the 17
  most downloaded screen-time and parental-control apps, according to an
  analysis by *The New York Times* and Sensor Tower, an app-data firm.
  Apple has also clamped down on a number of lesser-known apps.

  In some cases, Apple forced companies to remove features that allowed
  parents to control their children's devices or that blocked children's
  access to certain apps and adult content. In other cases, it simply pulled
  the apps from its App Store.

  Some app makers with thousands of paying customers have shut down. Most
  others say their futures are in jeopardy.

Chronic iDisorder (see http://catless.ncl.ac.uk/Risks/30/89#subj18.1)
depends on eyeballs hooked by a content-enabled, continuous dopamine flow.

Periodic reminders from an app to "put the device down for 15 minutes" can
disrupt the dopamine flow. Dam the dopamine flow, and content-driven revenue
capture is dammed along with it.

Apple's AppStore dams disruptive apps with impunity.


Marathon training risk over fitness trackers that 'can't be trusted' to measure distance (Telegraph.co.uk)

Richard Stein <rmstein@ieee.org>
Sun, 28 Apr 2019 10:17:20 +0800
https://www.telegraph.co.uk/news/2019/04/27/marathon-runners-warned-fitness-trackers-inaccurately-measuring

"Our tests have found a number of models from big-name brands that can't be
trusted when it comes to measuring distance, so before you buy, make sure
you do your research to find a model that you can rely on."

The article identifies GPS-unequipped fitness tracker measurement variances
of between ~25-50% over/under a full marathon (~26.2 miles/42.2 km).


In Australia, hacked Lime scooters spew racism and profanity (WashPost)

Richard Stein <rmstein@ieee.org>
Thu, 25 Apr 2019 11:18:45 +0800
https://www.washingtonpost.com/technology/2019/04/24/australia-hacked-lime-scooters-spew-racism-profanity

"The video is straight out of a goofy, low budget horror movie: A row of
bright-green Lime scooters, parked neatly on a sidewalk, have come to life,
unleashing a filthy flush of human speech."

"In a statement online, the researchers said a potential hacker—using a
Bluetooth-enabled app from nearly 330 feet away—could lock a scooter,
deploy malware that could take full control of a device or target an
individual rider, causing their scooter to unexpectedly brake or
accelerate."

A "Red Asphalt" warning label, in addition to a helmet, should be
mandatory. They are not your father's Cyclops scooter.


The invisibility pic ...

Rob Slade <rmslade@shaw.ca>
Sat, 27 Apr 2019 12:35:03 -0700
OK, this seems weird, like the hapless bank robbers who smear lemon juice on
the faces because they think CCTV won't be able to see them.

But a new paper, examining artificial intelligence and vision systems, has
found a way to generate images (or "patches") that prevent AI vision systems
from "seeing" you: or, at least, identifying you as a person.
https://arxiv.org/pdf/1904.08653.pdf

And so, a new round of patch image generation, and patch image detection and
avoidance, begins ...


Travis in IEEE Spectrum on Boeing 737 MAX MCAS software

Peter Bernard Ladkin <ladkin@causalis.com>
Sun, 28 Apr 2019 21:16:32 +0200
Gregory Travis published an article on the involvement of the MCAS software
on Boeing 737 MAX aircraft in two recent crashes, on 2019-04-18 in IEEE
Spectrum.  The article is available at
https://spectrum.ieee.org/aerospace/aviation/how-the-boeing-737-max-disaster-looks-to-a-software-developer
(site registration is required).

  [See Jacobson and my comment on Koenig, the next two items.  PGN]

The article has recently been praised by Bruce Schneier in his Crypto-Gram
newsletter and blog
https://www.schneier.com/blog/archives/2019/04/excellent_analy.html and John
Naughton in The Observer newspaper (in "What I'm reading" at
https://www.theguardian.com/commentisfree/2019/apr/28/google-street-view-calculate-car-accident-risks-digital-tech).

Travis has written a readable, but unfortunately technically misleading,
article on the accidents to Boeing 737 MAX 8 aircraft and the involvement of
the MCAS software in those accidents. The purpose of this note is solely to
point out some technically misleading parts of Travis's article and correct
them.

Travis suggests that MCAS was devised to inhibit a tendency to stall in
certain flight regimes.  As far as I know, this is incorrect. Boeing has
said in public that MCAS is not `anti-stall SW'. For example, Flight
International's test pilot Mike Gerzanics operates the type for a `major
carrier' and says in his very first sentence of an article on the
preliminary report of the Ethiopian crash to ET-302: "the 737 Max family's
Maneuvering Characteristics Augmentation System (MCAS) is not a
`stall-prevention' or `safety' feature."
https://www.flightglobal.com/news/articles/opinion-et302-interim-report-raises-more-questions-457369/

I understand the situation as follows. MCAS was devised to fulfill an
airworthiness certification condition in 14 CFR 25.173 and 14 CFR 25.175. In
high angle-of-attack (AoA) flight configuration, it is required that stick
force/g (the stick force necessary to produce (hold) an incremental normal
acceleration of 1g) and stick movement/g (ditto mutatis mutandis) must
increase (or at least not decrease) with an increase in AoA. I understand
that in flight test, in which `wind-up turns' were conducted (a turn with
increasing angle of bank; an increasing angle of bank means ceteris paribus
increasing AoA), this condition was not fulfilled. MCAS was devised to
ensure its fulfillment.

The reason this characteristic is different in this flight regime from
previous 737 models apparently concerns the engine nacelles, which produce
lift at high AoA, and apparently the lift they produce as AoA increases
means that the stick force/g decreases.

Travis suggests that the geometry of the engines means there is a greater
 tendency for the 737 MAX to pitch up on power application than on previous
 versions of the 737. I haven't seen a good argument that this is the
 case. Indeed, there is reason to think it might well be lower than on
 previous 737 models. The `pitch up' is related to the torque generated
 about the centre of lift (on the underside of the wing) by the engines. The
 centerline of the engines is, I think, closer to the underside of the wing
 than it was in previous models (I don't have a figure), so the `lever arm'
 (technical term) from the centre of thrust to the centre of lift (on the
 wing) may well be reduced.  Engines of the previous generation of 737 were
 the CFM 56-7 series, which had 89-120kN of thrust, depending on the precise
 model. The CFM LEAP-1B engines on the MAX have 130kN of thrust
 https://en.wikipedia.org/wiki/Boeing_737 . 120kN to 130kN is not a big
 increase - the shorter lever arm may well make the pitch-up torque less
 than it was on previous models with 120kN-thrust engines during power
 increase (Travis: `propensity to pitch up with power application'). Travis
 connects this `propensity' with a `tendency to stall'; this `tendency'
 might in fact be reduced on the 737 MAX.

Travis says the `nacelles cause the 737 Max at a high angle of attack to
go to a higher angle of attack'. As far as I know, this is not the case. He
is correct to call such a phenomenon `dynamic instability' but the 737 MAX,
like all other passenger transports, is not dynamically unstable. It is
dynamically stable.

Travis suggests that MCAS is `a cheap way to prevent a stall when the pilots
 punch it'. This is manifestly not the intended purpose of MCAS.

Travis also suggests that in modern transport aircraft there often are "no
actual mechanical connections" between control-command systems available to
the pilots and the control surfaces. In the 737, all such connections are
mechanical—cables and hydraulics—with the exception of the
spoilers. http://www.b737.org.uk/max-spoilers.htm This argument is here a
red herring.

Travis suggests AoA sensors are unreliable: `..particular angle of attack
sensor goes haywire—which happens all the time'. It does not happen `all
the time', or even very often. Peter Lemme writes "Reliability of the AoA
sensor was evaluated over a 4-6 year period, with a mean time between
unscheduled removals was 93,000 hours. A typical airframe is modeled at
about 100,000 hours, so the AoA vane typically last nearly the lifetime of
the airplane."
https://www.satcom.guru/2019/03/aoa-vane-must-have-failed-boeing-fix.html

Travis writes that there are "...several other instruments that can be used
to determine things like angle of attack. such as the pitot tubes, the
artificial horizons, etc." I don't see how pitot tubes can be used to sense
AoA. Pitot tubes measure dynamic air pressure, which, along with static
ports to measure static air pressure, are used to determine airspeed
(usually so-called `indicated airspeed', IAS). When the pitot is not
directly in line with the flow of air around the aircraft, say when the
aircraft is at a high AoA, then errors can be induced into IAS; AoA acts
rather as a corrective input to pitot/static sensing, rather than the other
way around. Artificial horizons are display instruments, not sensors; I see
no way they can be used to sense AoA.

One astonishingly misleading statement from Travis reads as follows: "In a
pinch, a human pilot could just look out the window to confirm, visually and
directly, that, no, the aircraft is not pitched up dangerously. That is the
ultimate check."  No, it is not the `ultimate check'.  Travis seems to be
confusing AoA with pitch angle/attitude. This is something which pilots from
the beginning of their training are expressly taught not to do.

The reason for this early emphasis on not confusing pitch angle with AoA is
as follows. There are still too many general aviation accidents in the
landing pattern, often when pilots are turning on to their final approach,
lined up with the runway, from `base leg', which is at right angles to
final. Pilots can misjudge the turn and `overshoot', that is, reach their
line up to the left of the runway centreline (when flying base from the
right of the runway), resp. right of the centreline (when flying base from
the left). Pilots seeing they might overshoot are tempted to turn more
steeply, which increases AoA and can lead to a stall. Recovering from a
stall, especially an unanticipated stall, often takes more altitude than the
airplane has when turning base-to-final; and the airplane augers in. It
still happens.

Travis writes "It is astounding that no one who wrote the MCAS software for
the 737 Max seems even to have raised the possibility of using multiple
inputs."  Quite why he thinks this is any responsibility of the software
engineers is unclear. It is not. It is the responsibility of the control
engineers who designed the system and the safety engineers who performed the
safety analysis.

The safety engineers will have performed a Failure Mode and Effects
Analysis, FMEA, which consists in listing all the possible failures you can
think of, and determining their effects on the flight situation. They will
then have classified those effects according to their severity as none,
minor, major, hazardous and catastrophic (these all have explicit
definitions). According to unverified information I received from a
usually-reliable source, the effect was classified as `major' in level flight and
`hazardous' in turns.

We now know after two accidents in level flight that this classification, if
so, is inappropriate. A further issue, to which I do not know the answer, is
whether the analysis was performed on the STS system as a whole, or MCAS
separately. The manufacturer and regulator classify MCAS as a function of
the STS: "Pitch stability augmentation is provided by the MCAS function of
STS", FAA Flight Standardisation Board Report Draft 17.
https://www.faa.gov/aircraft/draft_docs/media/afx/FSBR_B737_Rev17_draft.pdf

This is all specialist analysis which is generally not performed by software
engineers (although the best software engineers are aware of how to perform
such analyses). Nothing follows from this that software engineering was
somehow responsible for the outcome.

In this context, Travis repeats his assertion that the Boeing 737 MAX is
`dynamically unstable'.  It is not.  I don't think any dynamically unstable
aircraft could be certified according to 14 CFR 25.

As an aside, Travis suggests that "the Lycoming O-360 engine in my Cessna
has pistons the size of dinner plates". The cylinder bore for O-360 engines
(I flew one for 12 years) is 13cm. My dinner plates (small) have a diameter
of 21cm. My espresso saucers are 12.5 cm. I commend Travis's nourishment
discipline at dinner, but suggest it does not easily generalise.


Re: How the Boeing 737 Max Disaster Looks to a Software Developer (IEEE Spectrum)

Dan Jacobson <jidanni@jidanni.org>
Fri, 26 Apr 2019 05:55:30 +0800
MS> https://spectrum.ieee.org/
Hmmm, requires a (free) account. Maybe I can find another version...
Wait, what's this,
https://nicolas-hoizey.com/2019/04/how-the-boeing-737-max-disaster-looks-to-a-software-developer.html

  Experienced plane pilot and software developer Gregory Travis explains in
  details what led to Boeing 737 Max recent disasters in this long article:
  How the Boeing 737 Max Disaster Looks to a Software Developer.

  Why do I even care?

  My family and I were in one of these Ethiopian Airlines' Boeing 737 Max
  just two weeks before the crash of flight 302, on the same flight from
  Addis Ababa to Nairobi!

  The one that crashed was registered ET-AVJ. The one we took was registered
  ET-AVI. Very close. I guess both have had the very same hardware and
  software.

  It gives me chills every time I think about it...


Re: How the Boeing 737 Max Disaster Looks to a Software Developer (IEEE Spectrum)

Thomas Koenig <tkoenig@netcologne.de>
Wed, 24 Apr 2019 23:52:49 +0200
The article in question consisted of a single URL.  Following the URL,
one is asked to register an account.

The RISK?  Paying for content with your data is a bad habit, for reasons
that most people on this list, including its moderator, should know
fully well.  Please do not contribute to this by posting such
articles.

  [In most cases you can find a mirrored free copy.  Having the
  title is often sufficient.  PGN]


Re: Is curing patients, a sustainable business model? (Drewe, R-31.17)

Martin Ward <martin@gkc.org.uk>
Thu, 25 Apr 2019 13:51:58 +0100
Coincidentally the following news story appeared on the BBC today:
https://www.bbc.co.uk/news/education-48037122

Personally, I think that death by starvation is an excessive punishment for
missing an appointment and getting your benefits sanctioned.  So I would
consider "not allowing people to starve to death" to be a good argument that
food should be issued to the populace free of charge.


Re: Is curing patients, a sustainable business model? (RISKS-31.20)

Martin Ward <martin@gkc.org.uk>
Sat, 27 Apr 2019 14:03:13 +0100
For those who still think that competition improves healthcare, consider the
drug naloxone hydrochloride. This is sold by five big pharmaceutical
companies and demand is soaring, but far from driving the price down, the
cost has soared: from $0.92 a dose ten years ago up to $15.00 a dose. Why is
this?  Google "Opioid Crisis" for the answer.

Drug companies in the US spend tens of billions a year advertising drugs:
how does this help anyone's health?  The USA has some of the highest levels
of anxiety and depression in the world: not surprising when you consider
that the purpose of advertising is to make people more anxious and unhappy.
Naturally, the drug companies are ready with a handful of pills to relieve
the anxiety: followed by another handful to alleviate the side-effects from
the first lot!  A happy, contented population would be terrible for the drug
companies' bottom line: so must be averted at all costs.

Attempts to introduce competition into the NHS have been a disaster and,
rightly, resisted by the public.

How do you choose the people who are passionate about caring for others?
Fortunately, they are largely self-selecting: you set up an organisation
whose explicit purpose and top priority is caring for others.  Pay enough
for a comfortable living, but not so much that you attract those who are
"just in it for the money".  Beyond that, it is a case of trying to create a
society as a whole in which caring for others is viewed as a noble passion,
and not despised and excoriated as "Socialism".


Re: Should AI be used to catch shoplifters? (cnn.com, R 31 20)

antonomasia <ant@notatla.org.uk>
Sat, 27 Apr 2019 10:31:07 +0100
Instead of mocking such efforts you could recognise that prior to
the crime of leaving the shop with goods not paid for there could
have been preparation (perhaps conspiracy but not actual theft).

example video: https://www.youtube.com/watch?v=OGcYFG7WzaY


Re: How *not* to kill a news cycle ... (Slade, RISKS-31.20)

Dan Pritts <danno@dogcheese.net>
Wed, 24 Apr 2019 00:01:42 -0400
> you might think it clever to release it in a difficult format, like an
> unsearchable PDF.

It's possible this was the motivation.  It's also possible that they wanted
to be REALLY sure that they didn't fall prey to the well-known RISK of PDFs
that aren't really redacted.  RISKS-22.97 has an account of the DOJ
themselves falling prey to this issue.


Re: Battle for .amazon Domain Pits Retailer Against South American Nations (E-Week)

Dan Jacobson <jidanni@jidanni.org>
Fri, 26 Apr 2019 06:47:04 +0800
>>>>> "MS" == Monty Solomon <monty@roscom.com> writes:
MS> https://www.eweek.com/security/oracle-patches-3-year-old-java-deserialization-flaw-in-april-update

You mean
https://www.nytimes.com/2019/04/18/world/americas/amazon-domain-name.html


Re: A video showed a parked Tesla Model S exploding in Shanghai (RISKS-31.20)

Richard Stein <rmstein@ieee.org>
Fri, 26 Apr 2019 09:45:41 +0800
http://catless.ncl.ac.uk/Risks/31/20#subj5

Resubmitting original post. Visible text omitted comparison between Li-Air
Battery and TNT energy density.

The energy density of a Lithium storage battery, per
https://en.wikipedia.org/wiki/Lithium_air_battery
In the same table, TNT
(https://en.wikipedia.org/wiki/Trinitrotoluene)
is 4.1 MJ/kg.

More than 2X!


Re: Huawei's code is a steaming pile... (Shapir, RISKS-31.17)

Martin Ward <martin@gkc.org.uk>
Thu, 25 Apr 2019 13:53:09 +0100
Juggling chainsaws is perfectly safe if you are a highly skilled juggler
and you know exactly what you are doing and can control the surrounding
environment.

But wouldn't it be better if you could use a programming language
which did *not* force you to juggle chainsaws?


Re: Huawei's code is a steaming pile... (Ward, RISKS-31.21)

Amos Shapir <amos083@gmail.com>
Fri, 26 Apr 2019 11:39:37 +0300
C does not force anyone to use strcpy() etc.; it has always also provided
similar length-limiting functions, strncpy() etc.

Besides, C is a language which lets the programmer control every bit of the
machine, while also demanding that the programmer knows exactly what s/he's
doing (and providing a lot of opportunity for shooting oneself in the foot).

So strcpy() is provided for instances where a programmer is sure that any
possible string given as a source would never overflow the one given as
destination.  Keep in mind that C was invented at a time when saving 2-3
assembly instructions on every iteration of the copy loop was considered a
significant improvement!
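
An added C example (not part of the original post) of the caveat that comes with the length-limited functions discussed in this thread: strncpy() leaves the destination without a terminating NUL when the source fills it. The names `strncpy_leaves_unterminated`, `bounded_copy` and `demo_buf` are hypothetical, and the inputs are constructed.

```c
#include <stdio.h>
#include <string.h>

char demo_buf[8];   /* constructed 8-byte destination used by the demo */

/* Returns 1 if strncpy(dst, src, dstsize) leaves no NUL inside dst. */
int strncpy_leaves_unterminated(const char *src, size_t dstsize)
{
    char buf[64];
    if (dstsize == 0 || dstsize > sizeof buf)
        return 0;
    memset(buf, 'X', sizeof buf);       /* make a missing NUL visible */
    strncpy(buf, src, dstsize);         /* pads with NULs only if src is shorter */
    return memchr(buf, '\0', dstsize) == NULL;
}

/* Hypothetical helper: bounded copy that always NUL-terminates.
   Returns 0 on success, -1 if src was truncated or dstsize is 0. */
int bounded_copy(char *dst, size_t dstsize, const char *src)
{
    size_t n;
    if (dstsize == 0)
        return -1;
    n = strlen(src);
    if (n >= dstsize) {                 /* does not fit: keep a terminated prefix */
        memcpy(dst, src, dstsize - 1);
        dst[dstsize - 1] = '\0';
        return -1;
    }
    memcpy(dst, src, n + 1);            /* fits, including the NUL */
    return 0;
}

int main(void)
{
    const char *long_src = "0123456789";    /* constructed input, 10 chars */
    int rc;

    printf("strncpy leaves dst unterminated: %d\n",
           strncpy_leaves_unterminated(long_src, sizeof demo_buf));
    rc = bounded_copy(demo_buf, sizeof demo_buf, long_src);
    printf("bounded_copy rc=%d dst=\"%s\"\n", rc, demo_buf);
    return 0;
}
```

The caller must check the return value: a silently truncated string can be as much of a defect as an overflow when it is later used as a path, key or identifier.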


Re: EU Tells Internet Archive That Much Of Its Site Is 'Terrorist Content' (TechDirt)

Martin Ward <martin@gkc.org.uk>
Fri, 26 Apr 2019 19:59:36 +0100
There is a simple fix to this particular problem: the "competent authority"
has to be a named person who signs an affidavit under penalty of perjury
that they have personally reviewed the request and that every web page that
they demand to be taken down does indeed contain "terrorist" content.  So
if, as in this case, they demand the takedown of the entire Project
Gutenberg archive, it would be sufficient to find a single file in the
archive that is not "terrorist content" (perhaps ebook number 3651 which is
the one listing the square root of four to one million decimal places), and the
"competent authority" will be on their way to jail.


Re: An Interesting Juxtaposition (Wirchenko, RISKS-31.20)

Wols Lists <antlists@youngman.org.uk>
Fri, 26 Apr 2019 15:39:39 +0100
I use an expensive (allegedly) truck GPS at work. It allegedly knows my
vehicle is 6'10" wide. So why does it seem to prefer width restrictions
(typically 6'6") and country lanes?

My guess is that while Google has a lot of live data and prefers roads it
knows are flowing, the expensive sat-navs rely on national speed limits. So
rather than picking a road where the traffic is flowing at 50mph, it would
rather pick a country lane where there is no speed limit. The assumption is
that the National Speed Limit is 60mph (it isn't, it's 50mph for a light van
on a single-carriageway road), and that I can actually *do* that speed - I
daren't, many of these roads are not merely single-carriageway but single
track, sunken, with blind bends, and anything much over 20mph is foolhardy.

I think Gene should be blaming the expensive GPS's, not the cheap ones!
Many of my colleagues use Google Maps or Waze because they're so much
better.
